Fraud is like termite damage: No one wants to consider that they have it, but it can eat away at the foundations of your business.
The recently issued “Report to the Nations – 2018 Study on Occupational Fraud and Abuse,” by the Association of Certified Fraud Examiners (ACFE) contains salient cautionary advice for business owners seeking to protect their businesses. What are the key takeaways?
Many business owners and executives refuse to believe that any of their “team” could possibly perpetrate a fraud against their company (here, we are considering “occupational” fraud – that is, fraud committed against a business or organization by its own employees). They simply don’t want to acknowledge the reality – it hurts too much. While most of an organization’s employees will never steal or abuse the trust placed in them, the ones who do can cause enormous damage.
Addressing fraud head-on
To change individual or organizational behavior in areas such as fraud awareness and prevention, we need to:
- Acknowledge that fraud could be a problem or concern.
- Investigate and analyze information to show the extent of the problem.
- Decide whether a potential problem of fraud exists, and if so …
- Resolve to institute programs and systems of fraud awareness, deterrence, detection, and prevention.
How to begin to acknowledge the problem? For many years, business owners treated fraud events as their own dirty little secrets, hidden from public view. After all, what CEO wants to publicize that their company has just been victimized? This dilemma prompted the creation of the profession of fraud investigation and examination. Formed in 1988, the Association of Certified Fraud Examiners (ACFE) provides fraud information, tools, and training. The ACFE grants the professional designation of Certified Fraud Examiner (CFE). It is the world's largest anti-fraud organization, with nearly 85,000 members.
Just how damaging is corporate fraud?
The ACFE has done a good job over the years of showing the how serious corporate fraud really is. Since 1996, it has published a report that surveys trends in occupational fraud and abuse. Their most recent survey, just published, contains some alarming statistics:
- Total losses sustained as a result of the 2,690 fraud cases included in the study exceed $7.1 billion, yet those cases represent only a tiny fraction of the frauds committed in the world.
- The median (mid-point of the data) loss per incident was $130, 000 – certainly enough to wipe out the yearly profit of many if not most small businesses. More than 20% of the losses were at least $1 million.
- The median duration of a fraud is 16 months.
- Somewhat counterintuitively, small businesses lost almost twice as much per scheme ($200,000 median loss for companies with less than 100 employees versus $104,000 median loss for companies with 100 or more employees).
- Median losses were far greater for schemes involving employee collusion ($339,000).
- Over half (53%) of victimized entities recovered nothing from the fraud perpetrated against it. Less than a third (32%) reported a partial recovery, and only 15% recovered all losses.
Think this can’t happen to your organization? Think again:
- 24 separate industry groups are listed in the survey, reporting median losses per incident ranging from $50,000 (retail) to $525,000 (communications and publishing).
- While 52% of victimized organizations ran a background check on the fraud perpetrator (an alarmingly low number in itself), only 10% were alerted to a red flag (yet chose to hire the perpetrator anyway).
- Owner/executives committed only 19% of the frauds, but with a median cost of $850,000, their actions resulted in by far the largest losses (a perverse sort of Pareto optimality).
- Fraudulent employees with longer tenure (more than five years) stole twice as much as those with shorter tenure (median losses of $200,000 versus $100,000 for those with less than five years’ tenure).
- Only 4% of perpetrators had a prior fraud conviction.
How effective are attempts at fraud prevention?
The ACFE survey makes it clear that occupational fraud is a clear and present danger to organizations of all types and sizes. Having concluded that a problem exists (see Step 3 above), the report then considers the effectiveness of preventive measures (Step 4):
- Codes of conduct, along with audited financial statements, were the most common anti-fraud controls (reported as having been used by 80% of the victim organizations).
- Rewards for whistleblowers and mandatory job rotation/vacation policy were the least common controls (reported by 12% and 19% of the victim organizations, respectively).
It is interesting to note that, while whistleblower rewards were the least-used preventive measure, detection by tips was by far the most prevalent source for revealing frauds (40%). Losses were 50% lower at organizations with hotlines than at those without. Of tips received, only 53% came from internal (employee) sources, while about one-third of tips came from outside the organization (the remaining third were anonymous). This data supports a culture stressing active cultivation of tips and complaints, such as anonymous fraud hotlines, including reporting mechanisms for outside parties. Whistleblowers often fear being identified or retaliated against, which supports being able to report fraud anonymously where legally permissible.
“Active” fraud detection methods such as IT controls, surveillance/monitoring, and account reconciliation, were effective in reducing losses’ duration and extent. By contrast, “passive” methods such as confession by the perpetrator or police notification had significantly larger median fraud losses and durations.
To spotlight the relative effectiveness of anti-fraud controls, the report compared the losses experienced by victim organizations having specific controls in place to losses incurred by organizations without controls in place. Interestingly, every control so analyzed was correlated with lower fraud losses and shorter fraud durations. The percent reduction of fraud amounts ranged from 12% (control: rewards for whistleblowers) to 56% (control: code of conduct), and the percent reduction of fraud duration ranged from 33% (control: employee support programs) to 58% (control: proactive data monitoring/analysis).
Demonstrating the return on investment in anti-fraud initiatives is a real challenge, as it is nearly impossible to measure the losses prevented by a specific control versus the cost to establish and maintain that control. Yet the report does make clear that specific dollar amounts lost due to fraud are significant. Not included in the reported dollar amounts lost due to fraud are consequential damages such as the cost of additional constraints on organizations, which can include higher financing costs, hiring and training costs for replacement employees, reputational damage, and opportunity costs incurred by the distraction and loss of organizational momentum and opportunities.
The report includes a “fraud prevention checklist” that management may wish to consider. The checklist includes the following categories:
- Is anti-fraud training provided to all employees?
- Are proactive measures being taken and promoted to employees?
- Are “basic” anti-fraud controls (e.g. segregation of duties, approval matrices, internal audits, physical safeguards, etc.) in place?
- Are effective fraud reporting mechanisms in place?
- Is the “tone at the top” one of honesty and integrity?
- Are assistance programs in place to help employees struggling with personal problems that could tempt them to commit fraud?
The possibility of your company’s being the victim of employee fraud isn’t pleasant to contemplate – certainly less enjoyable than, say, planning your next advertising campaign. But it is surely more pleasant to consider the topic beforehand proactively than to be reckon with it after the fact. As the ACFE’s “Report to the Nations” makes clear, occupational fraud continues to evolve and is not going away. It is as old and as enduring as human nature itself.